
Re: [opennic-discuss] letit2 [.] bit blacklist


  • From: Jeff Taylor <shdwdrgn AT sourpuss.net>
  • To: discuss AT lists.opennicproject.org
  • Subject: Re: [opennic-discuss] letit2 [.] bit blacklist
  • Date: Wed, 02 Aug 2017 11:44:15 -0600
  • Authentication-results: mx2.computerrehab.us; dmarc=none header.from=sourpuss.net
  • Dmarc-filter: OpenDMARC Filter v1.3.0 mx2.computerrehab.us 4CC482D707

I received complaints today that outgoing emails are getting blocked by spamhaus SBL due to resolving tehnomix.bit. The block is on a single IP address with a /32 mask, so damage is limited but unfortunately still causing a problem. For now this domain has been blackholed into 127.0.0.1. Anyone using ns1.co.us.dns.opennic.glue will be affected by this.

Checking my logs, I've had 301,958 lookups on my servers in the past 11.5 hours. Apparently I screwed something up with my new internet connection because my servers are supposed to require whitelisting but they are answering all queries... gonna have to fix that!

Also of note... since the block is for a single IP address, I believe the issue is that the DNS server is on the same IP as my mail server. Unlike the others here, I did NOT receive any notice from spamhaus regarding being blocked.

Now for anyone else in a bind that needs to blackhole a specific domain name under BIND9, the process is fairly simple, but as mentioned previously you want to be open about any such changes you make to OpenNic servers, and any such blocking is typically not allowed under opennic rules...

-----

First you want to create a zone file to handle generic entries:

-- db.blacklisted --
;
; Blacklisted domains that should be blocked from resolving.
; One shared zone file: the apex and every name under it answer with loopback.
;
$TTL 3600
@   IN SOA ns1.example.com. hostmaster.example.com. (
        2017080200 ; serial (bump on every change)
        3600       ; refresh
        180        ; retry
        86400      ; expire
        3600       ; negative-caching TTL
    )
; NS rdata must be a hostname, not an address: an unqualified "127.0.0.1"
; would be loaded as the relative name 127.0.0.1.<blackholed zone>.
@   IN NS   ns1.example.com.
; Apex and wildcard answers for the blackholed domain
@   IN A    127.0.0.1
*   IN A    127.0.0.1
@   IN AAAA ::1
*   IN AAAA ::1


Next you need a config file for BIND9 to handle the entries:

-- /etc/bind/named.blacklisted --
zone "letit2.bit" {type master; file "/path/to/db.blacklisted";};
zone "tehnomix.bit" {type master; file "/path/to/db.blacklisted";};


And finally, add an include to your named.conf:
include "/etc/bind/named.blacklisted";


Reload bind, and check to see the results:
# dig tehnomix.bit @localhost

;; ANSWER SECTION:
tehnomix.bit. 3600 IN A 127.0.0.1
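The procedure in the message above (one shared master zone file that answers loopback for everything, plus one `zone` statement per blackholed name, then a reload) is easy to get subtly wrong by hand: a relative name in the SOA or NS rdata silently becomes a name under the blackholed zone, a serial that does not grow means secondaries never pick up the change, and a stray character in a domain breaks named.conf. The generator below is an added example, not code from the original post or from OpenNIC; it renders both files from a domain list and refuses those mistakes. The `ns1.example.com.` / `hostmaster.example.com.` names, the `/etc/bind/db.blacklisted` path and `SAMPLE_DOMAINS` are assumptions.

```python
"""Generate BIND9 blackhole files (db.blacklisted + named.blacklisted).

Added example, not from the original post or OpenNIC. Assumes the layout
described in the thread: a shared master zone pointing every name at
loopback, and one `zone` statement per domain. Names, paths and the sample
domain list below are assumptions / constructed input.
"""
import ipaddress
import re
from datetime import date

# Constructed sample input: the two names from the thread, one repeated with
# different case and a trailing dot to exercise normalisation.
SAMPLE_DOMAINS = ["letit2.bit", "tehnomix.bit", "Tehnomix.BIT."]

ZONE_TEMPLATE = """\
;
; Blacklisted domains that should be blocked from resolving
;
$TTL 3600
@   IN SOA {primary} {hostmaster} (
        {serial} ; serial (YYYYMMDDnn)
        3600       ; refresh
        180        ; retry
        86400      ; expire
        3600       ; negative-caching TTL
    )
@   IN NS   {primary}
@   IN A    {v4}
*   IN A    {v4}
@   IN AAAA {v6}
*   IN AAAA {v6}
"""

# One DNS label: 1-63 chars of [a-z0-9-], not starting or ending with '-'.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def valid_domain(name):
    """Normalise a name for a quoted `zone "..."` statement, or return None.
    Rejects empty/overlong labels, wildcards and anything outside [a-z0-9-]
    so junk can never reach named.conf."""
    name = name.strip().rstrip(".").lower()
    if not name or len(name) > 253:
        return None
    if not all(_LABEL.match(label) for label in name.split(".")):
        return None
    return name


def next_serial(current, today=None):
    """YYYYMMDDnn serial strictly greater than `current`.
    `today` is an int like 20170802 (default: real date). Same day bumps the
    two-digit counter; a later day restarts at 00. Never returns <= current,
    since secondaries only transfer when the serial grows."""
    if today is None:
        today = int(date.today().strftime("%Y%m%d"))
    base = today * 100
    if current < base:
        return base
    if current >= base + 99:
        raise ValueError("serial counter exhausted for %d" % today)
    return current + 1


def render_zone(serial, primary="ns1.example.com.",
                hostmaster="hostmaster.example.com.",
                v4="127.0.0.1", v6="::1"):
    """Render db.blacklisted, refusing names BIND would load but misread."""
    for name in (primary, hostmaster):
        if not name.endswith("."):
            # A relative name silently becomes <name>.<blackholed zone>.
            raise ValueError("%r must be absolute (end with '.')" % name)
    try:
        ipaddress.ip_address(primary.rstrip("."))
    except ValueError:
        pass  # a hostname, which is what NS rdata requires
    else:
        raise ValueError("NS target must be a hostname, not an address")
    ipaddress.IPv4Address(v4)   # fail early on typos in the sink addresses
    ipaddress.IPv6Address(v6)
    return ZONE_TEMPLATE.format(primary=primary, hostmaster=hostmaster,
                                serial=serial, v4=v4, v6=v6)


def render_named_blacklisted(domains, zone_path="/etc/bind/db.blacklisted"):
    """One `zone` statement per distinct domain, sorted so a diff of the
    file shows exactly which names were added or removed."""
    cleaned = set()
    for raw in domains:
        name = valid_domain(raw)
        if name is None:
            raise ValueError("refusing to blackhole invalid name %r" % raw)
        cleaned.add(name)
    lines = ["// Blackholed domains; all share db.blacklisted (loopback answers)"]
    lines += ['zone "%s" { type master; file "%s"; };' % (d, zone_path)
              for d in sorted(cleaned)]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    serial = next_serial(2017080200, today=20170802)
    print(render_zone(serial))
    print(render_named_blacklisted(SAMPLE_DOMAINS))
```

Run it, write the two outputs to the paths used in your `include`, and check the zone with `named-checkzone` before reloading; the same sanity rules (absolute names, hostname NS target, growing serial) apply whether the list has two entries or two hundred.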




